Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Satori - distributed tamper-resistant circumvention tools

Nathan Freitas nathan at freitas.net
Sat May 3 11:51:43 PDT 2014



On May 2, 2014 8:46:08 PM EDT, Griffin Boyce <griffin at cryptolab.net> wrote:
>On 2014-05-02 20:35, Andrew Cady wrote:
>> On Fri, May 02, 2014 at 05:22:11PM -0400, Griffin Boyce wrote:
>> 
>>>   No, though I have two-factor authentication using a secure device
>>> (not a cell phone), and I can't be vanned/rubber-hosed because I
>don't
>>> actually know the password to my Google developer account.  Some
>>> of this does require trust that I have a secure signing/uploading
>>> environment.
>> 
>> If you can upload code -- with or without a password -- then you can
>be
>> forced to upload malicious code (assuming you are vulnerable to vans 
>> and
>> rubber hoses).
>
>As could someone at Microsoft, Apple, or Canonical.  My current system 
>fails closed pretty hard, even in the case of, say, someone breaking 
>into my apartment.  The benefit of the project being open-source is
>that 
>such a change wouldn't go unnoticed.  And it's trivial to fetch the 
>extension code from Google and compare it.
>

Automated distributed deterministic build comparisons FTW!

Seriously, it seems like we are pretty close with such a thing for Android APKs, so perhaps Chrome extension bundles could be added to the list, as well.




More information about the liberationtech mailing list